Closed Bug 436043 Opened 15 years ago Closed 13 years ago

time errors (certErrorExpired and certErrorNotYetValid) should indicate "now"


(Core Graveyard :: Security: UI, enhancement)

Windows XP
Not set


(Not tracked)



(Reporter: timeless, Assigned: timeless)




(Keywords: late-l10n)


(1 file, 2 obsolete files)

i distinctly remember working to implement something like this for maemo, specifically we had a certificate viewer which would indicate that a certificate was expired, just like this content (sadly it wasn't nss related), but there's a general rule of thumb:

if you're going to tell a user that there's something wrong with a time, you need to tell the user the current time, otherwise the user will unfortunately assume your math is bad (in the case we hit, the math actually *was* bad, but...).

users may trust browsers, but they also naively trust their system clock more than their browser, so unless the browser highlights that perhaps the system clock is wrong, users draw unfortunate conclusions.

Note: it isn't OK to get the time a second time, as the system can be jumping w/ ntpdate / similar network time syncs / domain time syncs, or the user futzing with the clock before/after the single call.

local variables shouldn't begin with the 'a' prefix, and comptrs are our friends....
Assignee: nobody → kaie
Component: Libraries → Security: UI
Product: NSS → Core
QA Contact: libraries → ui
Version: trunk → Trunk
Attachment #322754 - Flags: review?(kaie)
if there's a string freeze that worries people. i'm fine w/ just landing the changes to

and leaving the other bit out. that'd enable downstreams (like a microb) to integrate the change w/ their localizations.

ideally there'd be some way to add the change to locales as they're ready/able instead of permanently freezing the en-us string.
The error message on the current page is:

Secure Connection Failed uses an invalid security certificate.
The certificate will not be valid until 19-6-2008 2:00.
(Error code: sec_error_expired_certificate)
    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

Beside the patch above(not tested byme), it should add a suggestion to check the local date time.
Could you please use numbered string wildcards, I think it's something like %S$1
When localizing, the order of those entities might change.
Please also add a one-line comment for localizers that mentions which ID means what.
Comment on attachment 322754 [details] [diff] [review]
show the current time in addition to the unacceptable time

r- for multiple use of %S in a single string, but remainder looks good, and you get r+ if you fix this issue.
Attachment #322754 - Flags: review?(kaie) → review-
Assignee: kaie → timeless
Attachment #322754 - Attachment is obsolete: true
Ever confirmed: true
Attachment #354857 - Flags: review?(kaie)
Thanks for the updated patch, and I agree with your change, thanks a lot.

However, I have to apologize and want to ask for one more change.
When you make such a change, you must use updated string identifiers, and of course change the code that uses them. :-/

(Unless Pike thinks changing the ID is not necessary)
Also, please indicate that you have tested the patch.
Attached patch renamedSplinter Review
Attachment #354857 - Attachment is obsolete: true
Attachment #356484 - Flags: review?(kaie)
Attachment #354857 - Flags: review?(kaie)
Comment on attachment 356484 [details] [diff] [review]

Thanks, r=kaie
Attachment #356484 - Flags: review?(kaie) → review+
Keywords: checkin-needed
Closed: 13 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a1
Comment on attachment 356484 [details] [diff] [review]

We're working on mobile devices which generally have an incorrect notion of the time. As a result the current error message in 1.9.2, which doesn't include this fix, results in users blaming the browser instead of recognising that the system is at fault.

We'd appreciate it if this patch could be approved for the 1.9.2 branch. We're aware that this introduces new strings.

It's currently available in 18 translations:
Attachment #356484 - Flags: approval1.9.2?
Keywords: late-l10n
I'm not sure that the message improves the situation significantly enough to warrant landing this on 1.9.2 still.
Comment on attachment 356484 [details] [diff] [review]

We can't take string changes on 1.9.2 now.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.